Hackers are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in a popular WordPress plugin installed on more than 500,000 sites. The zero-day was used in ...

A hacker group is exploiting vulnerabilities in more than ten WordPress plugins to create rogue admin accounts on WordPress sites across the internet. The attacks are an escalation part of a hacking ...

WordFence disclosed critical RCE flaw (CVE-2025-6389) in Sneeit Framework plugin, affecting versions ≤8.3 Exploitation allows attackers to create admin accounts, install malicious plugins, and hijack ...

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really ...

Thousands of WordPress sites could be at risk as a vulnerability in the Ultimate Member plugin gets exploited, but a quick fix will stop your site from being taken over. The plugin, which has amassed ...

A zero-day vulnerability in the ThemeREX Addons, a WordPress plugin installed on thousands of sites, is actively exploited by attackers to create user accounts with admin permissions and potentially ...

Popular web hosting site WordPress has come under attack from hackers exploiting a flaw that allows them to create rogue admin accounts. Researchers at security firm Wordfence discovered that known ...

A second vulnerability could be used to prevent access to almost all of a site’s existing content, by simply redirecting visitors. A pair of security vulnerabilities in the WordPress search engine ...

The United States Government Vulnerability Database and WordPress security researchers published alerts of WordPress plugin vulnerabilities. Among those plugins, nine of the most popular plugins ...